ATM Explosive Attacks fall in Europe

EAST has published a European Payment Terminal Crime Report covering the first 6 months of 2021 which shows a significant fall in ATM explosive attacks.

While overall ATM related physical attacks were up 2% (from 1,829 to 1,873 incidents), mainly driven by a rise in vandalism, ATM explosive attacks (including explosive gas and solid explosive attacks) were down 52% (from 505 to 241 incidents).  Attacks due to ram raids and ATM burglary were down 42% (from 405 to 234 incidents).  Losses due to ATM related physical attacks were €4.9 million, a 61% decrease from the €12.6 million reported during the same period in 2020.  35% of these losses were due to explosive attacks, which were down 58% from €7.6 million to €3.2 million.

EAST Executive Director Lachlan Gunn said, “The first 6 months of this year have been influenced by the Covid-19 pandemic, although travel restrictions have eased across Europe. This significant fall in explosive attacks at ATMs is welcome news for all of us, given the destructive nature of such attacks and the resultant risks to life and property. However, the prize remains an attractive option for criminals and the average cash loss per successful solid explosive attack is now estimated at €40,877. To address the issue our EGAP expert group has worked closely with Europol and other Law Enforcement Agencies, and all parties remain vigilant to the threat.”

ATM malware and logical attacks against ATMs were down 74% (from 129 to 33) and all but one of the reported attacks were Black Box attacks. A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM. Related losses were down 37% from €1.0 to €0.63 million. Most such attacks remain unsuccessful.

Terminal related fraud attacks were down 24% (from 3,631 to 2,775 incidents). Card skimming fell to another all-time low (down from 321 to 279 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 100% (down from 108 to zero incidents). Total losses of €102 million were reported, down 6% from the €109 million reported during the same period in 2020. Most losses remain international issuer losses due to card skimming, which were €86 million.

A summary of the report statistics under the main headings is in the table below.

 

The full Crime Report is available to EAST Members (National, Global and Associate)

ATM Explosive Attack OCG taken down by Police

An organised crime group (OCG) specialised in ATM explosive attacks has been taken down by a coordinated cross-border police operation.  9 suspects were taken into custody after the action by a joint investigation team (JIT) between the Dutch and German authorities.  The 18-month investigation was coordinated by Europol and Eurojust.

The criminals produced step-by-step tutorials on how to blow up ATMs and have been linked to at least 15 ATM attacks in Germany.  The ATMs were blown open using homemade improvised explosive devices (IEDs), posing a serious risk to life.  During one test run by the criminals, one suspect died and another was seriously injured.

Some key facts relating to the investigation are:

  • It was initiated in February 2020 after authorities in Osnabrück, Germany, identified suspicious orders of ATMs from a German company.
  • Special surveillance measures were put in place, which led the investigators to Utrecht, the Netherlands, where a 29 year-old individual and his 24 year-old accomplice were running an illegal training centre for ATM attacks.
  • The pair was ordering different models of ATMs and recording tutorials on how to most effectively blow them up.
  • Links were also established between this criminal organisation and at least 15 ATM attacks in Germany. The total damage, including both the losses and the property damage, is estimated at approximately €2,150,000.

The investigation culminated in a series of police raids on 28 September for which two Europol experts were deployed in the field.  Seven house searches were carried out in the Netherlands in the triangle of Utrecht, Amsterdam and the Hague, resulting in the arrest of three suspects.  These three individuals are currently in custody in the Netherlands and are to be extradited to Germany.

Given the cross-border nature of this case, a Joint Investigation Team (JIT) was set-up in April 2021 between the Dutch and German authorities with the assistance and financing of Eurojust.  Furthermore, the Agency organised the judicial cooperation and supported the execution of European Investigation Orders (EIOs).

In addition, an Operational Taskforce (OTF) was set up between Europol, Germany and the Netherlands to pool investigative resources and expertise.  In the framework of this OTF, 18 operational meetings were held at Europol to prepare for the final phase of the action.

ATM explosive attacks are a growing concern, as they often put innocent lives in danger.  In order to prevent and tackle this type of crime, close cooperation between law enforcement and the ATM industry is paramount.  Europol and the European Crime Prevention Network (EUCPN) have worked on a number of recommendations to prevent physical attacks against ATMs.

The EAST Expert Group on ATM and ATS Physical Attacks (EAST EGAP) is a European specialist expert forum for discussion of ATM,  ATS and CIT related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.

The EAST EGAP meets twice each year to enable in-depth and technical discussion to take place.  The Group held its 16th Meeting on 1 September 2021.  To date it has published 46 Physical Attack Alerts for EAST members, 35 of which relate to ATM Explosive Attacks (22 Explosive Gas and 13 Solid explosive).

Terminal fraud attacks in Europe drop during the Covid-19 pandemic

Terminal fraud attacks in Europe drop during the Covid-19 pandemicEAST has published a European Payment Terminal Crime Report covering 2020 which shows that terminal related fraud attacks have dropped significantly during the Covid-19 pandemic.

Terminal related fraud attacks were down 64% (from 18,217 to 6,523 incidents). Card skimming fell to another all-time low (down from 1,496 to 656 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 97% (down from 9,054 to just 250 incidents). Total losses of €218 million were reported, down 14% from the €249 million reported during 2019. Most losses remain international issuer losses due to card skimming, which were €183 million.

EAST Executive Director Lachlan Gunn said, “2020 was a highly unusual year due to the Covid-19 pandemic, and crime and fraud patterns changed accordingly.  While it is good news to see such a significant fall in terminal fraud attacks, there is concern that explosive attacks at ATMs have only fallen by 6%, and that related losses are up by 39%.  The average cash loss for a solid explosive attack is estimated at €28,218, and collateral damage to equipment and buildings can be significant.  There are also major safety issues.  Despite national lockdowns and border closures, mobile organised crime groups continued to operate across Europe.

ATM related physical attacks were down 19% (from 4,571 to 3,722 incidents).  Attacks due to ram raids and ATM burglary were down 33% (from 1,122 to 749 incidents).  ATM explosive attacks (including explosive gas and solid explosive attacks) were down 6% (from 977 to 923 incidents).  Losses due to ATM related physical attacks were €22.4 million, a 1% increase from the €22.1 million reported during 2019.  47% of these losses were due to explosive attacks, which were up 39% from €10.49 to €14.59 million.

ATM malware and logical attacks against ATMs were up 44% (from 35 to 129) and all the reported attacks were Black Box attacks.  A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, in order to ‘cash-out’ or ‘jackpot’ the ATM.  Related losses were up 14% from €1.09 to €1.24 million.  Most such attacks remain unsuccessful.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

Preventing Physical ATM Attacks – advice in all EU Languages

physical ATM attacksTo counter the increase in physical ATM attacks in Europe, affecting an increasing number of European countries, the European Crime Prevention Network (EUCPN) and Europol organised a conference (January 2019) bringing together law enforcement and public and private partners to look at the prevention of this crime. EAST was represented at the event by Executive Director Lachlan Gunn.  The output was a recommendation paper summarising the conclusions of the conference and aimed at raising authorities’ awareness of physical ATM attacks and preventive measures.

This recommendation paper has now been translated into all the EU languages and is available for download from the EUCPN website.

In the most recent European Payment Terminal Crime Report published by EAST on 13 October 2020, and covering the first 6 months of this year, ATM explosive attacks (including explosive gas and solid explosive attacks) were up 0.4% (from 503 to 505 incidents). Losses due to physical ATM attacks were €12.6 million, an 11% increase from the €11.4 million reported during the same period in 2019. This increase was driven by a rise in losses due to explosive and gas attacks, which were up 49% from €5.1 million to €7.6 million.

Black Box attacks increase across Europe

Black BoxEAST has just published a European Payment Terminal Crime Report covering the first six months of 2020 which reports a sharp increase in Black Box attacks on European ATMs.

ATM malware and logical attacks against ATMs were up 269% (from 35 to 129) and all the reported attacks were Black Box attacks. A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, in order to ‘cash-out’ or ‘jackpot’ the ATM. Related losses were up from less than €1,000, to just over €1 million.

EAST Executive Director Lachlan Gunn said, “Overall crime at terminals has decreased during the lockdown phase of the pandemic. While this rise in Black Box attacks is of concern, most such attacks remain unsuccessful. Our Expert Group on All Terminal Fraud (EGAF) is focussed on addressing this issue, with close cooperation between industry partners and law enforcement. In January 2019 EGAF worked with Europol to update a document, published by Europol, entitled ‘Guidance & recommendations regarding logical attacks on ATMs’. This is currently available in English, French, German, Russian, Spanish and Turkish”.

Terminal related fraud attacks were down 66% (from 10,723 to 3,631 incidents). Card skimming fell to another all-time low (down from 731 to 321 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 97% (down from 3,405 to just 108 incidents). Total losses of €109 million were reported, down 12% from the €124 million reported during the same period in 2019.

ATM related physical attacks were down 23% (from 2,376 to 1,829 incidents). Attacks due to ram raids and ATM burglary were down 34% (from 610 to 405 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were up 0.4% (from 503 to 505 incidents). Losses due to ATM related physical attacks were €12.6 million, an 11% increase from the €11.4 million reported during the same period in 2019. This increase was driven by a rise in losses due to explosive and gas attacks, which were up 49% from €5.1 million to €7.6 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

 

Terminal fraud attacks increase in Europe

terminal fraudEAST has just published a European Payment Terminal Crime Report covering 2019 which reports that terminal fraud attacks were up 35%.

Terminal related fraud attacks rose from 13,511 to 18,217 incidents, mainly driven by an 87% increase in ATM transaction reversal fraud attacks (up from 4,843 to 9,054 incidents), while card skimming incidents fell 21% to an all-time low (down from 1,883 to 1,496 incidents).

EAST Executive Director Lachlan Gunn said, “Despite the overall rise in terminal fraud incidents, total reported losses were almost unchanged. Transaction reversal fraud losses did rise from €2.6 million to €5.2 million, but the continued drop in skimming incidents has helped to keep the overall loss position stable.”

Total losses of €249 million were reported, up 1% from the €247 million reported in 2018. Overall losses due to card skimming were unchanged and losses due to card trapping were down by 14% (from €2.9 million to €2.5 million).

ATM related physical attacks were up 0.5% (from 4,579 to 4,571 incidents). Attacks due to ram raids and ATM burglary were down 11% (from 1,256 to 1,122 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were down 7% (from 1,052 to 977 incidents). Losses due to ATM related physical attacks were €22 million, a 39% decrease from the €36 million reported in 2018.

The average cash loss for a robbery is estimated at €20,369 per incident, the average cash loss per explosive or gas attack is €10,735 and the average cash loss for a ram raid or burglary attack is €9,377. These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A total of 140 ATM malware and logical attacks were reported, down from 157 in 2018, an 11% decrease. All the reported attacks were ‘cash out’ or ‘jackpotting’ attacks. In 118 attacks equipment typically referred to as a ‘black box’ was used, and malware was used in the other 22 attacks. Related losses were up 142%, from €0.45 million to €1.09 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

EAST Publishes European Fraud Update 1-2020

EAST has just published its first European Fraud Update for 2020. This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 2 non-SEPA countries, at the 50th EAST meeting held in Vienna on 12th February 2020.

Payment fraud issues were reported by eighteen countries. Seven countries reported CNP fraud occurring worldwide. One reported that the card data is either bought in bulk or obtained via card testing/BIN attacks. The attackers use scripts/bots (not real people) to conduct the fraud. Four countries reported BIN attacks. One reported that they are originating from the Middle East for the first time and another reported them in relation to both CP and CNP fraud, with losses reported in the USA, the UK and Brazil. Two countries reported Account Takeover Fraud, one of them in connection with SIM swapping.

Six countries reported phishing. One reported the use of fake emails by criminals to impersonate bank customers, claiming that their bank account details have changed. Another reported that online banking was targeted, and a third country reported phishing using social networks, with related fraud occurring in China. Three countries reported SMS phishing (Smishing). One of them reported this related to token validation transactions – the IP addresses are in Morocco and the fraud occurs in an EU country with losses via Western Union.

To date in 2020 the EAST Payments Task Force (EPTF) has published one related Payment Alert.

ATM malware and logical attacks were reported by twelve countries – one reported successful ATM malware attacks where ‘Cutlet Maker’ was used, and ten reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To date in 2020 the EAST Expert Group on All Terminal Fraud (EGAF) has published one related Fraud Alert.

Card skimming at ATMs was reported by ten countries, and the downward trend continues. Six countries reported the usage of ‘M3 – Card Reader Internal Skimming devices’, and the usage of ‘M1 – Overlay Skimming Devices’ and ‘M2 – Throat Inlay Skimming Devices’ was also reported. Skimming attacks on other terminal types were reported by eight countries. Four reported attacks on unattended payment terminals (UPTs) at petrol stations, and three reported attacks at railway ticket machines. To date in 2020 EAST EGAF has published four related Fraud Alerts.

Year to date International skimming related losses were reported in 14 countries and territories outside SEPA and in 4 within SEPA. The top three locations where such losses were reported remain Indonesia, India and the USA.

Five countries reported card trapping attacks, one of them reporting a new method that allows several cards to be captured in one attack. Three countries reported transaction reversal fraud (TRF) incidents. To date in 2020 EAST EGAF has published two related Fraud Alerts.

Ram raids and ATM burglary were reported by eleven countries and eleven countries reported explosive gas attacks, one of which resulted in a fatality. Eight countries reported solid explosive attacks. The usage of Triacetone Triperoxide (TATP) for solid explosive attacks continues to increase across Europe. Mixing TAPT is a complicated procedure that requires good knowledge of the chemicals, as there is a danger of setting off an unexpected explosion. The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.
To date in 2020 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published two related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National, Global and Associate).

EAST Publishes European Fraud Update 3-2019

European FraudEAST has just published its third European Fraud Update for 2019. This is based on country crime updates given by representatives of 16 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 49th EAST Meeting held in London on 8th October 2019.

Payment fraud issues were reported by seventeen countries. Social engineering is a key concern. Seven countries reported phishing attacks. One of them stated that fraudsters are using phishing to get targets for fake web campaigns where consumers can win money, and another reported fake web surveys aimed at getting consumer data. In one country the quality of vishing calls is improving, where the people making the spoof calls are very believable and often have local accents from the customer’s home area. Impersonation fraud was reported by four countries – in one of them police officers are impersonated, and another reported spoof calls being received by customers from bank call centres.

Card Not Present (CNP) fraud was reported by six countries. One of them reported CNP fraud at digital media players. Contactless fraud was reported by two countries – in one of them it is related to lost and stolen cards, and in the other card present (CP) transactions are being made at small merchants up to the allowed limit. To date in 2019 the EAST Payments Task Force (EPTF)  has issued five related Payment Alerts.

ATM malware and logical attacks were reported by five countries – one reported a new way of getting malware onto an ATM, that did not succeed, and four reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To date in 2019 the EAST Expert Group on All Terminal Fraud (EGAF) has published seven related Fraud Alerts.

Card skimming at ATMs was reported by thirteen countries. Overall skimming incidents in Europe continue to decline. Three countries reported the usage of ‘M3 – Card Reader Internal Skimming devices’, and the most recent variants continue to be made of transparent plastic. To date in 2019 EAST EGAF has published thirteen related Fraud Alerts. Year to date International skimming related losses were reported in 41 countries and territories outside SEPA and in 4 within SEPA. The top three locations where such losses were reported remain Indonesia, India and the USA.

Four countries reported card trapping attacks, one of them reporting such attacks at fake terminals, designed to resemble lobby door opening devices at bank branches.

Ram raids and ATM burglary were reported by nine countries and twelve countries reported explosive gas attacks. After one such attack collateral damage of over €200,000 was reported. Six countries reported solid explosive attacks. The usage of Triacetone Triperoxide (TATP) for solid explosive attacks is increasing across Europe. This explosive is also known as the ‘Mother of Satan’. Mixing TAPT is a complicated procedure that requires good knowledge of the chemicals, as there is a danger of setting off an unexpected explosion.

The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings. To date in 2019 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published nine related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National and Associate).

EAST FCS ATM Physical Attacks Seminar 2019

ATM Physical Attacks

ATM Physical AttacksAn EAST FCS ATM Physical Attacks Seminar was held on 9th October 2019 in London, co-located with RBRs ATM & Cyber Security 2019 Conference. The interactive event followed the basic structure of work group meetings held by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP). This group, which meets twice a year, provides a platform for law enforcement and private sector experts to come together and share attack information, trends and statistics in a structured manner.

ATM Physical AttacksThe event was chaired by Sarah Staff of SaferCash.  EAST Executive Director Lachlan Gunn gave an overview of EAST and EGAP, highlighting new definitions produced by the group, before presenting the latest ATM Physical Attack Statistics from the H1 2019 European Payment Terminal Crime Report.

Miguel-Angel Villanueva-Guijarro of Europol then gave a high level view of the ATM physical attack situation across Europe and how Europol is structured to handle cross-border cases.  This was followed by threat assessments from Europe and South Africa:

  • France – Guillaume Bourez – OCLDI
  • Netherlands – Marc Wosten – Dutch National Police
  • Spain – Daniel Zorzo Lopez – Guardia Civil
  • South Africa – Gregory Singh – SABRIC
  • United Kingdom – Neil Smyth – Metropolitan Police Service

These were followed by a presentation on banknote infrared (IR) recognition by David Milner of EURICPA and Niels Riedel of the ECB.  This covered, from the perspective of the ECB, the current position with regard to how banknote sorting machines will detect banknotes with IR markers, as well as a look at the future.

ATM Physical AttacksThe event concluded with a Question and Answer session chaired by Sarah Staff and with Daniel Zorzo Lopez, Miguel-Angel Villanueva-Guijarro, Marc Wosten, Gregory Singh and David Milner on the Panel.

Attendance at the regular EAST EGAP work group meetings is limited and this event enabled active participation and input from a much wider pool of expertise.

More information on the event can be found on the EAST Events Website


2019 EAST FCS ATM Physical Attack Seminar Sponsors

 

 

 

ATM malware and logical attacks fall in Europe

EAST has just published a European Payment Terminal Crime Report covering the first six months of 2019 which reports that ATM malware and logical attacks continue to trend downwards.

ATM malware and logical attacks against ATMs were down 43% (from 61 to 35) and all bar one of the reported ‘jackpotting’ attacks are believed to have been unsuccessful. Malware was used for 3 of the attack attempts and the remainder were ‘black box’ attacks. Related losses were down 100% (from €0.25 million to €0.00 million), although a small loss (less than €1,000) was reported in one case.

EAST Executive Director Lachlan Gunn said, “This fall in logical and malware attacks is very good news and reflects the work that has been put into preventing such attacks by the industry and law enforcement. In January 2019, supported by our Expert Group on All Terminal Fraud (EGAF), Europol updated their ‘Guidance & recommendations regarding logical attacks on ATMs’, which was first published in 2015. These Guidelines, which have been widely shared with ATM deployers and law enforcement agencies, reinforce the recommendations made by the ATM vendors.”

Terminal related fraud attacks were up 59% (from 6,760 to 10,723 incidents). This increase was primarily due to an increase in transaction reversal fraud attacks (up from 2,292 to 5,649 incidents), while card skimming incidents fell to an all time low (down from 985 to 731 incidents). This downward trend reflects the success of EMV and that measures to counter skimming at terminals, along with geo-blocking, are working well in Europe.

Total losses of €124 million were reported, up 16% from the €107 million reported during the same period in 2018. This increase is primarily due to a rise in international losses due to card skimming (up from €87 million to €100 million), which indicates that EMV implementation is not yet complete globally with resultant risks for European cardholders. Losses due to transaction reversal fraud were up 135% (from €1.36 million to €3.2 million).

ATM related physical attacks were up 16% (from 2,046 to 2,376 incidents). Attacks due to ram raids and ATM burglary were up 3% (from 590 to 610 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were up 3% (from 490 to 503 incidents). Losses due to ATM related physical attacks were €11.4 million, a 25% decrease from the €15.1 million reported during the same period in 2018.

The average cash loss for a robbery is estimated at €15,140 per incident, the average cash loss per explosive or gas attack is €10,161 and the average cash loss for a ram raid or burglary attack is €9,632. These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National and Associate)